The Harmony Endpoint Anti-Bot Solution

The Anti-Bot component:

  • Uses the ThreatCloud repository to receive updates and queries it for classification of unidentified IP, URL, and DNS resources.

  • Prevents damage by blocking bot communication to command and control (C&C) sites, and makes sure that no sensitive information is stolen or sent out of the organization.

The Endpoint Anti-Bot component uses these procedures to identify bot-infected computers:

  • Identify the C&C addresses used by criminals to control bots.

    These websites are constantly changing, and new sites are added on an hourly basis. Bots can attempt to connect to thousands of potentially dangerous sites. It is a challenge to know which sites are legitimate and which are not.

Check Point uses the ThreatCloud repository to find bots based on these procedures.

The ThreatCloud repository contains more than 250 million addresses that were analyzed for bot discovery and more than 2,000 different botnet communication patterns. The ThreatSpect engine uses this information to classify bots and viruses.

The Endpoint Anti-Bot component gets reputation updates from the ThreatCloud repository. It can query the cloud for new, unclassified URL/DNS resources that it finds.